NimMalware

Malware written in the Nim programming language. It uses winim 5.7.48 for Windows API access, puppy 4.9.4 as its HTTP client (allowAnyHttpsCertificate - SSL authentication bypass), and zippy 4.9.8 for compression. Built with MinGW GCC 9.3-win32. The PE has 18 sections and uses TLS anti-analysis.

Threat Profile
Type: Backdoor
Programming Language: Nim
C2 Protocol: HTTP
First Seen: 2025
Targets: Global
Purpose / Capabilities
  • Backdoor/HTTP C2
No C2 servers have been identified for this family yet.

Research Reports (1)

High

NimMalware 3de6a48a -- winim5.7.48 puppy4.9.4 allowAnyHttpsCertificate zippy4.9.8 WinHttpSendRequest mingw-gcc-9.3 sinc-shellapi-windef 18-sections TLS | High

NimMalware 3de6a48a: PE32 x86, 811KB, MinGW GCC 9.3. winim 5.7.48 + puppy 4.9.4 (allowAnyHttpsCertificate) + zippy. WinHttpSendRequest. 18 sections, TLS.
